Closed achou11 closed 1 month ago
Worth keeping in mind that this could very well be a packaging bug in `@node-rs/crc32` (`yauzl-promise` depends on a version that's about 3 minor releases older).
Mhm! Interesting. Yeah, I know my lockfiles have messed you up in the past...
Do you think installing some dep (e.g. yauzl) with `--verbose` may help?
I'm surprised `npm ci` doesn't catch this. From its docs: "If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock."
I would expect that to have caught this...
If I understand that snippet, I wouldn't expect this to be caught. The binaries are a transitive dependency of `yauzl-promise` via `@node-rs/crc32`, and they are marked as optional dependencies of `@node-rs/crc32`.
I'm just kind of confused about how to prevent this from happening - seems like it's kind of dependent on the machine that installs/updates the deps, plus some hidden behavior of npm depending on OS (e.g. seems like in Tomas' PR, it kept the binaries needed for Linux and pruned everything else)
I wonder if `npm config ls` shows anything different on Tomás's machine?
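I know this is already closed, but this is a dump of `npm config list --json`. I don't see anything suspicious though; the settings that would filter optional or platform-specific packages (`os`, `cpu`, `omit`, `include`, `optional`) are all null or empty in it.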
{
"json": true,
"access": null,
"all": false,
"allow-same-version": false,
"also": null,
"audit": true,
"audit-level": null,
"auth-type": "web",
"before": null,
"bin-links": true,
"browser": null,
"ca": null,
"cache": "/home/szgy/.npm",
"cache-max": null,
"cache-min": 0,
"cafile": null,
"call": "",
"cert": null,
"cidr": null,
"color": true,
"commit-hooks": true,
"cpu": null,
"os": null,
"depth": null,
"description": true,
"dev": false,
"diff": [],
"diff-ignore-all-space": false,
"diff-name-only": false,
"diff-no-prefix": false,
"diff-dst-prefix": "b/",
"diff-src-prefix": "a/",
"diff-text": false,
"diff-unified": 3,
"dry-run": false,
"editor": "nvim",
"engine-strict": false,
"fetch-retries": 2,
"fetch-retry-factor": 10,
"fetch-retry-maxtimeout": 60000,
"fetch-retry-mintimeout": 10000,
"fetch-timeout": 300000,
"force": false,
"foreground-scripts": false,
"format-package-lock": true,
"fund": true,
"git": "git",
"git-tag-version": true,
"global": false,
"globalconfig": "/home/szgy/.config/nvm/versions/node/v18.19.1/etc/npmrc",
"global-style": false,
"heading": "npm",
"https-proxy": null,
"if-present": false,
"ignore-scripts": false,
"include": [],
"include-staged": false,
"include-workspace-root": false,
"init-author-email": "",
"init-author-name": "",
"init-author-url": "",
"init-license": "ISC",
"init-module": "/home/szgy/.npm-init.js",
"init-version": "1.0.0",
"init.author.email": "",
"init.author.name": "",
"init.author.url": "",
"init.license": "ISC",
"init.module": "/home/szgy/.npm-init.js",
"init.version": "1.0.0",
"install-links": false,
"install-strategy": "hoisted",
"key": null,
"legacy-bundling": false,
"legacy-peer-deps": false,
"link": false,
"local-address": null,
"sbom-format": null,
"sbom-type": "library",
"location": "user",
"lockfile-version": null,
"loglevel": "notice",
"logs-dir": null,
"logs-max": 10,
"long": false,
"maxsockets": 15,
"message": "%s",
"node-options": null,
"noproxy": [
""
],
"offline": false,
"omit": [],
"omit-lockfile-registry-resolved": false,
"only": null,
"optional": null,
"otp": null,
"package": [],
"package-lock": true,
"package-lock-only": false,
"pack-destination": ".",
"parseable": false,
"prefer-dedupe": false,
"prefer-offline": false,
"prefer-online": false,
"prefix": "/home/szgy/.config/nvm/versions/node/v18.19.1",
"preid": "",
"production": null,
"progress": true,
"provenance": false,
"provenance-file": null,
"proxy": null,
"read-only": false,
"rebuild-bundle": true,
"registry": "https://registry.npmjs.org/",
"replace-registry-host": "npmjs",
"save": true,
"save-bundle": false,
"save-dev": false,
"save-exact": false,
"save-optional": false,
"save-peer": false,
"save-prefix": "^",
"save-prod": false,
"scope": "",
"script-shell": null,
"searchexclude": "",
"searchlimit": 20,
"searchopts": "",
"searchstaleness": 900,
"shell": "/usr/bin/bash",
"shrinkwrap": true,
"sign-git-commit": false,
"sign-git-tag": false,
"strict-peer-deps": false,
"strict-ssl": true,
"tag": "latest",
"tag-version-prefix": "v",
"timing": false,
"umask": 0,
"unicode": true,
"update-notifier": true,
"usage": false,
"user-agent": "npm/{npm-version} node/{node-version} {platform} {arch} workspaces/{workspaces} {ci}",
"userconfig": "/home/szgy/.npmrc",
"version": false,
"versions": false,
"viewer": "man",
"which": null,
"workspace": [],
"workspaces": null,
"workspaces-update": true,
"yes": null,
"npm-version": "10.2.4"
}
Restores the inclusion of all platform-specific binaries for `@node-rs/crc32` and `@bufbuild`. Without this, I was not able to run the code locally (usually as tests) on macOS, with an error looking like this: [error output not preserved on this page]

Git bisect showed that these deps were removed from the lockfile via 9fa05aa99eef1bd2a9e0dab9cc6dd0a7b8069d03. @tomasciccola I'd be curious if there's some different behavior from npm that occurs when you install/update deps? I've run into this problem before where the lockfile unexpectedly changes this dep after you've made updates 🤔
Additionally, wondering what the best way of avoiding this issue moving forward is. Otherwise it will probably keep happening.